German Researcher Discovers SIM Card Encryption Flaw Exposing Smartphones - HotHardware
German Researcher Discovers SIM Card Encryption Flaw Exposing Smartphones

German Researcher Discovers SIM Card Encryption Flaw Exposing Smartphones

Cyber criminals are always on the hunt for ways to disrupt your digital life, and with mobile devices playing an increasingly important role in our day-to-day operations, you can bet they'll be paying attention to your tablet and smartphone. Speaking to the latter, a German security guru discovered a frightening flaw related to the encryption technology found in some SIM cards.

By exploiting the encryption hole, a remote attacker could easily figure out a SIM card's 56-digit key, and then use that key to send a virus to the SIM card through a simple text message. Karsten Nohl, founder of Security Research Labs, claims to have tested this out, saying he was then able to listen in on the caller, make purchases, and masquerade as the handset's owner, The New York Times reports. All that's required is a little know-how, a PC, and about two minutes time.

SIM Card Holder

"We can remotely install software on a handset that operates completely independently from your phone," Nohl said. “We can spy on you. We know your encryption keys for calls. We can read your SMS’s. More than just spying, we can steal data from the SIM card, your mobile identity, and charge to your account."

Scary stuff, and according to Nohl, some 750 million phones could be vulnerable to this rather easy-to-exploit security hole. Phones affected are those that have SIM cards relying on the older D.E.S. (data encryption standard) protocol. Around 3 billion mobile phones use D.E.S. encryption, and while carriers have started using Triple D.E.S., many SIM cards still rely on the older standard.

(Update 7/22, 10:47AM: Headline changed to reflect exploit seen on some SIM cards but not all.)
0
+ -

Inaccurate headline. Shame on you.

0
+ -

Headline correction made. The world "all" should not have been in there.

0
+ -

Why do Germans seem to be the ones constantly looking for and finding these bugs?

0
+ -

MayhemMatthew:

Why do Germans seem to be the ones constantly looking for and finding these bugs?

 

The Chaos Computer Club is in Germany, world largest hacking congress. they also put together a yearly gathering that makes defcon seem tiny.

 

Things were so much easier when you could just clone and IMEI and phone number by using an EPROM burner.

 

0
+ -

thats some scary stuff. im gonna go renew my simcard. ill be right back.......

Login or Register to Comment
Post a Comment
Username:   Password: